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CLAIMS 

What is claimed is: 

1 . A self-cleansing system comprising: 

a) at least two subsystems, said at least two subsystems including an active 
subsystem and at least one available inactive subsystem; 

b) a communications link connecting said at least two subsystems; 

c) a local network capable of connecting said at least two subsystems to an 
external network; 

d) an arbitration mechanism capable of designating one of said at least one 
available inactive subsystem to be a designated active system; 

e) an IP address shared by at least said active subsystem and said designated 
active subsystem, only said active subsystem utilizing said IP address to output 
information to said external network; 

f) a transfer mechanism capable of: 

i) deactivating said active subsystem, causing said active subsystem to 
become a deactivated subsystem; and 

ii) activating said designated active subsystem, causing said designated 
active subsystem to become said active subsystem; and 

g) a self-cleansing mechanism capable of cleansing said deactivated subsystem, 
causing said deactivated subsystem to become one of said at least one 
available inactive subsystem. 
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2. A system according to claim 1 , wherein said arbitration mechanism uses a criterion 
to select which of said at least one available inactive subsystem is to be designated 
said designated active subsystem. 

3. A system according to claim 1 , wherein said transfer mechanism is activated by a 
transfer criterion. 

4. A system according to claim 3, wherein said transfer criterion is a fault detection 
criterion. 

5. A system according to claim 3, wherein said transfer criterion is an intrusion 
detection criterion. 

6. A system according to claim 3, wherein said transfer criterion considers time. 

7. A system according to claim 1 , wherein at least two of said at least two subsystems 
are firewalls. 

8. A system according to claim 1 , wherein at least two of said at least two subsystems 
are servers. 

9. A system according to claim 1 , wherein at least two of said at least two subsystems 
are gateways. 
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10. A system according to claim 1, further including an integrity check capability. 

1 1. A system according to claim 1, further including an audit capability. 

12. A system according to claim 1, wherein said self-cleansing mechanism includes a 
capability to reboot at least one of said at least two subsystems. 

13. A system according to claim 1 , further including shared storage accessible by at 
least two of said at least two subsystems. 

14. A system according to claim 1 , wherein said communications link is part of said 
local network. 

15. A system according to claim 1 , wherein said active subsystem is a plurality of active 
subsystems. 

16. A method of self-cleansing a system comprising the iterative steps of: 

a) designating one of at least one available inactive subsystem to be a designated 
active subsystem, said at least one available inactive subsystem being part of 
at least two subsystems, said at least two subsystems: 

i) include an active subsystem; 

ii) are connected by a communications link; 
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iii) are capable of sharing an IP address; and 

iv) are connected to a local network that is capable of connecting to an 
external network; 

b) when a transfer criterion is satisfied: 

i) deactivating said active subsystem, causing said active subsystem to 
become a deactivated subsystem; and 

ii) activating said designated active subsystem, causing said designated 
active subsystem to become said active subsystem; and 

c) cleansing said deactivated subsystem, causing said deactivated subsystem to 
become one of said at least one available inactive subsystem; 

wherein only said active subsystem utilizes said IP address to output information to 
said external network. 

17. A method according to claim 16, wherein said step of designating one of at least 
two subsystems to be a designated active subsystem uses a criterion to select 
which of said at least one available inactive subsystem is to be designated said 
designated active subsystem. 

18. A method according to claim 17, wherein said transfer criterion is a fault detection 
criterion. 

19. A method according to claim 17, wherein said transfer criterion is an intrusion 
detection criterion. 
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20. A method according to claim 17, wherein said transfer criterion considers time. 

21 . A method according to claim 16, wherein at least two of said at least two 
subsystems are firewalls. 

22. A method according to claim 16, wherein at least two of said at least two 
subsystems are servers. 

23. A method according to claim 16, wherein at least two of said at least two 
subsystems are gateways. 

24. A method according to claim 16, further including the step of checking the integrity 
of at least one of said deactivated subsystem. 

25. A method according to claim 16, further including the step of auditing said system 
cleansing actions. 

26. A method according to claim 16, wherein said step of cleansing said deactivated 
subsystem includes rebooting said deactivated subsystems. 

27. A method according to claim 16, wherein said active subsystem is a plurality of 
active subsystems. 
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